Alex Cowan, CEO at RazorSecure, highlights some of the key cyber security issues facing the rail industry
A November 2020 report by The European Union Agency for Cybersecurity (ENISA) identified some of the challenges faced by the rail industry to ensure maintenance of cyber security across critical operational technology (OT) systems These included balancing the needs for high levels of cyber security against business competitiveness, finding suppliers with the relevant technical skills and ensuring the security of systems that were state of the art when built, but may now be vulnerable to attack.
Arguably external attack from hackers is one of the most significant and serious threats to railway networks. Interfering with the smooth running of train systems threatens to not only affect the safety of millions of passengers but could also potentially result in significant disruption to the organisation’s operations. The EU Directive on security of network and information systems (NIS Directive), which has been implemented across Europe, requires rail operators to boost levels of cyber security and develop a stronger and deeper culture around security. This has focussed rail companies on designing and implementing effective cyber security programmes to better manage risk within the control of rail networks.
A different kind of protection
Traditionally, cyber security has primarily been focussed on the protection of access to data within systems – such as passwords, bank card details or other personal information. The challenge for the rail industry is more complex. Most information flow in rail networks involves communications from OT control systems to operational and comfort systems onboard the train. Enforcing separation between networks is a key requirement of an effective security strategy for the industry and this is an area not typically addressed by the traditional cyber-security industry.
UK-based RazorSecure provides leading companies across the rail industry with tailored cyber security solutions. As specialists in rail, its technology is designed to protect rolling stock, signalling and infrastructure systems. RazorSecure software has been deployed in more than 1,600 rail vehicles and protected more than 30 million rail passenger journeys since its launch in 2015. The company’s physical and software solutions address the cyber risks present across the modern digital train fleet’s network infrastructure.
RazorSecure recently launched a EN50155 approved Security Gateway designed as a single source of truth onboard the train for all cyber security issues, providing real-time visibility of key hosts, the network and logs from all devices onboard. The Security Gateway enables operators to:
•Separate critical networks and analyse
traffic in real time.
Prevent unauthorised network access.
• Ensure all network communication is
controlled and permitted.
• Aggregate cyber security data for fleet
monitoring in real time.
• Maintain a consistent and powerful
security profile for the entire life of assets.